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combinations to a web server in order to confirm a password of a 
specific membership ID, and a second step in which, upon receipt 
of the request, the web server provides the user terminal with a 
first group of question-answer-hint combinations including a first 
question-answer-hint combination corresponding to a first character 
of the password and a second group of question-answer-hint 
combinations including a second question -answer-hint combination 
corresponding to a second character of the password. The method 
of the present invention has an advantage in that it provides an 
authenticating process on the website without collecting any personal 
information while having the same level of security compared to that 
of a password, hiding the meaning even from a website administrator, 
and assuring high reliability on the authentication of users on the 
website, and storage media storing a program source of the method. 
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[DESCRIPTION] 
[Invention Title] 

METHOD FOR OPERATING AND AUTHENTICATING PASSWORD 
SYSTEM, AND STORAGE MEDIA HAVING PROGRAM SOURCE THEREOF 
[Technical Field] 

The present invention relates to a method for operating and authenticating a 
5 password system and storage media storing a program source thereof, and more 
particularly, to a method for operating and authenticating a password system which 
provides an authenticating process on the website without collecting any personal 
information while having the same level of security compared to that of a password, hiding 
the meaning even from a website administrator, and assuring high reliability on the 
10 authentication of users on the website, and storage media storing a program source of the 
method. 
[Background Art] 

Nowadays, it is widespread that numerous websites managed by a membership 
system require visitors to join the website by inputting their own IDs and passwords. 
15 There are plenty of websites using the membership system. Therefore, when a 

long time has been passed since a member had set up an initial password and had not 
visited the website afterward, there is frequently arisen an event of forgetting a password 
inputted at the moment of joining the website. 

In this case, the existing solutions for authenticating the member and reissuing a 
20 password are as follows. 

First of all, there is a method of asking the member's background information 
derived by his/her own experience. 

FIG 1 shows an example of a process of inputting background information on the 
membership website and FIG 2 illustrates a process of confirming the background 
25 information inputted through the process presented in FIG 1 . 

As shown in FIG 1, according to the current membership website, in order to join 
the website a member is required to select any one of questions, for example, c what is your 
most memorable place?', 'what is your favorite motto?', 'what is your most valuable 
thing?', 'what's the name of your most memorable teacher?' and so on, and write an 
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answer to the selected question based on his/her own experience. 

Then, the website stores the background information written by the member in a 
membership management database, and then, validates the member by means of the 
method given in FIG 2 when it needs to authenticate the member to issue a new password 
5 due to loss of a previously registered password. According to the example described in 
FIG 2, it expects that the member inputs the background information on his/her birth place, 
already inputted when joining the membership website, for getting authentication. 

By utilizing the personal information directly inputted by the member as 
information for authenticating the member, the membership website decreases the 
10 possibility that other person having none or small information on the member's private life 
does any act such as taking the password reissue by deceiving an administrator of the 
website as the member. 

As another example of the authenticating process adopted by the membership 
websites, there exists a method of authenticating members via e-mail. 
1 5 FIG 3 illustrates a process of authenticating members by e-mail. 

As exemplified in FIG 3, although other person successfully answers to the 
question based on the member's personal experience, many membership websites send the 
password or temporary password via e-mail registered by the member, rather than offering 
the password immediately to the other person at that stage. In case of sending the 
20 temporary password, the member is required to go through the steps of logging with the 
temporary password and then changing it to a desired password. 

The method of authentication based on the member's background information as 
explained in FIG 1 and the method via e-mail as described in FIG 3 have been used 
separately, but those two methods tend to be adopted for two-step confirmation in recent 
25 years. 

In the case of passing through the two steps of authentication as such, since it 
appears that other person is not able to check out e-mail being sent to a designated address, 
it could be seen that the current password operating system, adopted by many membership 
websites, acquires some extent of security. 
30 [Disclosure] 

[Technical Problem] 
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However, the process of authentication in the current websites discussed 
above brings several problems as following. 

Fundamentally, there are more problems except surreptitious use of the password 
and liability of failing authentication. 
5 Firstly, the process of authentication for reissuing the password has a lower 

security level compared to the password itself. 

The membership website operates the password system in order to validate a user 
with ID and the password thereof, and reissues the password through a given 
authenticating process in the case of forgetting the password. Thus, the security level of 
10 the authenticating process for reissuing the password should be at least equal to that of the 
password itself. 

However, the current authenticating process described above allows others to get 
the password reissue by answering to the questions without the password or by sending a 
copy of other's identification card (in case of a real name system), thereby rendering 
1 5 other's ID used by stealth. 

Secondly, a drawback is that personal information is drained and its surreptitious 
use is allowable. 

In general, in case of failure in authentication on the membership website, there is 
no special way to log-in the website by using a present ID. Consequently, the problem of 
20 losing the member's own precious ID permanently happens due to the failure of 
authentication, so the real name membership system is preferred because it adopts an easier 
way to authenticate. 

By the way, during the process of joining the real name membership on the 
website, it is general to collect personal information more than necessarily; and there is 
25 often occurred a problem of draining the collected personal information to unwanted places. 
Furthermore, there exists a problem that makes the drained personal information misused 
as information to use other's ID by stealth in the other websites again. 

Thirdly, another problem is that there is no way of confirming whether to assure 
security of the authenticating process. 
30 Likewise the security management of encoded password itself, information in the 

established process of authentication for the loss of the password should also have the 
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same level of security; and accordingly, the administrator of the website should not of 
course be allowed to be aware of the meaning of information in the process of 
authentication, even at its sight. 

In general, however, issuing a new password by sending a copy of the member's 
identification card in case of loss of the password involves a problem, which is difficult to 
be solved by the existing authentication method, in which there exists a possibility for the 
administrator to store the personal information without decoding it and also for the 
administrator acquiring such information to use it by stealth anytime. 

Due to these problems, there have been needs for the method of authenticating a 
password system which provides an authenticating process on the website without 
collecting any personal information while having the same level of security compared to 
that of a password, hiding the meaning even from a website administrator, and assuring 
high reliability on the authentication of users on the website, and storage media having a 
program source of the method. 
[Technical Solution] 

The present invention has been developed in order to solve the above problems, 
and it is, therefore, an object of the present invention to provide a method for operating and 
authenticating a password system which provides an authenticating process on the website 
without collecting any personal information while having the same level of security 
compared to that of a password, hiding the meaning even from a website administrator, and 
assuring high reliability on the authentication of users on the website, and storage media 
storing a program source of the method. 

According to one aspect of the present invention to achieve the above object, there 
is provided a method of operating a password system, comprising: a first step of providing 
a user requesting authentication with a group of question-answer combinations including a 
question-answer combination corresponding to a specific membership ID; a second step of 
allowing the user to select one question-answer combination from the group of question- 
answer combinations in a multiple-choice manner, and a third step of authenticating the 
user as an owner of the specific membership ID if the selected question-answer 
combination is identical to the question-answer combination corresponding to the specific 
membership ID. 
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According to another aspect of the present invention, there is provided a method 
of operating a password system, comprising: a first step in which a user terminal requests a 
group of question-answer-hint combinations to a web server in order to confirm a password 
of a specific membership ID; and,a second step in which, upon receipt of the request, the 
web server provides the user terminal with a first group of question-answer-hint 
combinations including a first question-answer-hint combination corresponding to a first 
character of the password and a second group of question-answer-hint combinations 
including a second question-answer-hint combination corresponding to a second character 
of the password. 

In addition, it is preferable that each of the question-answer-hint combinations 
included in the group of question-answer-hint combinations has a different key cap image 
as a hint. 

Also, it is preferable that a question of each of the question-answer-hint 
combinations is a graphic image and an answer thereto is a single comment inputted by an 
owner of the specific membership ID corresponding to the graphic image. 

Or, it can be implemented in such a way that a question of each of the question- 
answer-hint combinations is a graphic image and an answer thereto does not exist 
separately. 

Or, it can be implemented in such a way that a question of each of the question- 
answer-hint combinations is made in the form of text and an answer thereto is a simple 
sentence comment inputted by an owner of the specific membership ID corresponding to 
the question. 

Meanwhile, the question-answer-hint combinations and the first and the second 
groups of question-answer-hint combinations are generated in advance before the first step 
and then stored in a membership information database. 

More specifically, the first and the second question-answer-hint combinations and 
the first and the second groups of question-answer-hint combinations are generated and . 
stored, before the first step, through the steps of: extracting first and second questions 
arbitrarily from a plurality of questions stored in a question database of the web server and 
providing the first and second questions to the user logged in a website with the specific 
membership ID; transmitting first and second answers written by the user in response to 
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the first and the second questions to the web server; generating the first question-answer- 
hint combination corresponding to the first question, the first answer and the first character 
of the membership ID and then the first group of question-answer-hint combinations 
having the first question-answer-hint combination and a plurality of question-answer-hint 
5 combinations except the first question-answer-hint combination, and the second question- 
answer-hint combination corresponding to the second question, the second answer and the 
second character of the membership ID and then the second group of question-answer-hint 
combinations having the second question-answer-hint combination and a multiplicity of 
question-answer-hint combinations except the second question-answer-hint combination; 
10 and storing the first and the second question-answer-hint combinations and the first and the 
second groups of question-answer-hint combinations in the membership information 
database. 

In the above process, when the password is changed, the first question-answer-hint 
combination is changed to a new first question-answer-hint combination including a hint 

1 5 about a new first character of the password after change corresponding to the location of 
the first character of the password before change; a third question-answer-hint 
combination including the hint about the new first character among the first group of 
question-answer-hint combinations is changed to a new third question-answer-hint 
combination in which the hint abput the new first character is replaced by the hint about 

20 the first character; the second question-answer-hint combination is changed to a new 
second question-answer-hint combination including a hint about a new second character of 
the password after change corresponding to the location of the second character of the 
password before change; and a fourth question-answer-hint combination including the hint 
about the new second character among the second group of question-answer-hint 

25 combinations is changed to a new fourth question-answer-hint combination in which the 
hint about the new second character is replaced by a keycap about the second character, all 
the changed combinations being stored in the membership information database. 

According to still another aspect of the present invention, there is provided a 
computer-readable storage media having a password operating program source that is 

30 encoded and stored for computer access, comprising: a first process of providing a user 
requesting authentication with a group of question-answer combinations including a 
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question-answer combination corresponding to a specific membership ID; a second process 
of allowing the user to select one question-answer combination from the group of question- 
answer combinations in a multiple-choice manner; and a third process of authenticating the 
user as an owner of the specific membership ID if the selected question-answer 
5 combination is identical to the question-answer combination corresponding to the specific 
membership ID. 

According to a further another aspect of the present invention, there is provided a 
computer-readable storage media having a password operating program source that is 
encoded and stored for computer access, comprising: a first process in which a user 
10 terminal of a membership website requests a group of question-answer-hint combinations 
to a web server in order to confirm a password of a specific membership ID; and a second 
process in which, upon receipt of the request, the web server provides the user terminal 
with a first group of question-answer-hint combinations including a first question-answer- 
hint combination corresponding to a first character of the password and a second group of 
15 question-answer-hint combinations including a second question-answer-hint combination 
corresponding to a second character of the password. 
[Description of Drawings] 

The above objects, features and advantages of the present invention will become 
more apparent from the following detailed description when taken in conjunction with the 
20 accompanying drawings, in which: 

FIG 1 illustrates an example of a process of inputting background information on 
a membership website; 

FIG 2 shows an example of a process confirming the background information 
inputted through the process described in FIG 1 ; 
25 FIG 3 describes an example of a process of authenticating via e-mail; 

FIG 4 provides a flowchart of finding a lost password of a website member by 
using a method for operating a password system according to the present invention; 

FIG 5 is a flowchart illustrating details of the step of setting-up a password hint; 
FIG 6 shows a detailed flowchart of the step of providing the password hint; 
30 FIG 7 depicts an example of a first question-answer-hint combination according to 

the present invention; 
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FIG 8 offers an example of a second question-answer-hint combination according 
to the present invention; 

FIG 9 shows an example of a first group of question-answer-hint combinations; 

FIG 10 depicts a first question-answer-hint combination; 

FIG 11 presents an example of a wrong question-answer-hint combination; 

FIG 12 describes an example of a second group of question-answer-hint 
combinations; 

FIG 13 shows an example .of a second question-answer-hint combination; 

FIG 14 represents a process of inferring a complete password by using a keycap 
obtained from the first and the second question-answer-hint combinations; and 
FIGs. 15 and 16 explain the concept of a maze-key scheme. 
[Mode for Invention] 

Although the present invention will now be described through preferred 
embodiments of a method of operating and authenticating a password system with 
reference to the accompanying drawings, the present invention is not limited to those 
embodiments. 

[Embodiment 1] 

Among methods of operating a password according to the present invention, an 
embodiment of a method of operating a password system implemented by using questions 
composed of graphic images will be described hereinafter. 

FIG 4 is a flowchart schematically showing a process of finding a lost password of 
a website member by using the password operating method according to an embodiment of 
the present invention. 

As shown in FIG 4, the process of finding the password based on the method 3 of 
the present invention comprises the three steps of: setting-up a password hint (30), 
providing a password hint (3 1), and reminding a password (32). 

[Step of setting-up the password hint] 

First of all, each member on the membership website makes a preparation for 
getting a password hint in advance against an event of forgetting the password in the step 
of setting-up password hint (30). 

Thereafter, in the step of providing the password hint (31), members who forget 
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passwords for their own IDs in that website get parts of their own passwords based on 
the password hints established in the step of setting-up the password hint (30). For 
instance, there are provided as hints key cap images corresponding to certain characters 
arbitrarily assigned by the website or specific characters selected by members themselves 
5 among the characters constituting the passwords. The number of characters giving hints 
among the characters forming the passwords is not limited but can be one, or more than 
three. In the embodiment of the present invention, an example of getting the password 
hints for two characters will be described. 

Since most people generally use limited numbers of passwords on the diverse 
10 websites, those members in the step of reminding the password (32) can easily remember 
their own passwords as a whole from the password hints provided by the step of providing 
the password hint (3 1). 

FIG 5 is a flowchart illustrating details of the step of setting-up the password hint 

(30). 

15 As depicted in FIG 5, a member sets up a password hint at the moment of joining 

the membership website, wherein at the first stage, the member gets a first question from 
the web server of the website (301). The first question is extracted arbitrarily from a 
question database DB1. According to the embodiment of the present invention, it is 
addressed that a picture (graphic image) is provided from the website and then comments 

20 thereon are written; and thus, the first question has the form of graphic image. 

Thereafter, the member submits an answer to the first question, that is, his/her own 
comments on the graphic image after getting it from the website in the present embodiment 
(302). The comments come under the first answer corresponding to the first question. 

In another embodiment of the present invention, it is possible to proceed to a next 

25 step 303, without performing the above step (302), that is, without commenting on the 
graphic image after getting it from the website. Due to the result of study on cognitive 
psychology that it takes a long time to completely forget a picture mindfully observed, it is 
allowable to implement another embodiment that doesn't need the above step (302). 

After sending the first answer, the web server checks out the password of the 

30 member in reference to the membership information database DB2 (303). The reason 
why it checks the password is to create a first question-answer-hint combination for the 
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first question. That is, in the password checking step (303), the first character, which 
doesn't need to be the first character of the password as described above, is extracted from 
the password of the member. 

The first question, the first answer and the extracted first character of the password, 
obtained from this process, are used to create the first question-answer-hint combination as 
a single body (304). In the embodiment of the present invention, the key cap image of a 
keyboard corresponding to the first character of the password is created to be linked as the 
hint 

Of course, in another embodiment excluding the above step (302), there exists no 
separate answer to the first question-answer-hint combination. 

By sending the created first combination to the member in order to confirm it 
(305), it could be possible to give the member a chance to change the first answer if it is 
written with unwanted contents (306). 

FIG 7 offers an example of the first question-answer-hint combination according 
to the present invention. Referring to FIG 7, only the question-answer combination is 
shown without the key cap image, i.e., the hint, according to the needs for security, in the 
confirming step (305). 

In case where no more modification to the first question-answer-hint combination 
is needed, the web server generates a first group of question-answer-hint combinations by 
adding another question-answer-hint combination to the first question-answer-hint 
combination and stores the same in the membership information database DB2 (307). 

Another question-answer-hint combination is selected randomly from other 
members' question-answer-hint combinations already stored in the membership 
information database DB2. At this time, the added question-answer-hint combination 
should include the image corresponding to the keycap, rather than the keycap 
corresponding to the member's first question-answer-hint combination, m general, since 
the number of keycaps representing characters is about 48, a total 48 question-answer-hint 
combinations including the first question-answer-hint combination can constitute the first 
group of question-answer-hint combinations in this embodiment. 

Naturally, the member checked only the first question-answer-hint combination 
(305), and other 47 first question-answer-hint combinations remain to be unseen. 
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In this way, once the process of setting-up the first question-answer-hint 
combination and the first group of question-answer-hint combinations is completed, the 
process of setting-up a second question-answer-hint combination and a second group of 
question-answer-hint combinations is performed in the same manner, wherein details 
thereof are omitted here. 

FIG 8 shows an example of the second question-answer-hrnt combination 
according to the present invention. Like in FIG 7, only the question-answer combination 
is presented, rather than hint (keycap image), in the checking step (315). 

Through the above process, the member completes setting-up the password hint. 

According to the present invention, a merit of the password hint established by the 
password operating method is that inputting the comments (the first answer) about the 
member's feeling for the picture (the first question) makes it easier to remember the 
password even after a long term on account of the member's sure recognition of the picture. 
Moreover, since the password hint is presented in a multiple-choice manner as mentioned 
later, the merit is maximized from the standpoints mat doesn't need to remember details 
(e.g., spacing words) of the comments written in the step of setting-up the password hint. 

Meanwhile, the member can modify the password after the step of setting-up the 
password hint, wherein there may be a question as to whether the password hint needs to 
be reestablished whenever modifying the password. The password operating method of 
the present invention, however, adopts a technique which changes the question-answer-hint 
combination into the characters corresponding to each position (the 1 st , the 2 nd ,..) of 
unmodified and modified passwords if any, and reorganizes the group of combinations in 
order to make other question-answer-hint combinations within that group of combinations 
have different keycaps from keycaps included in the question-answer-hint combination 
after modification. 

Therefore, the password operating method of the present invention allows the 
status of setting-up the password hint to be maintained regardless of changing the 
password; and thus, the member can change the password as much as he/she wants. 

[Step of providing the password hint] 

Then, in the event of forgetting the password after setting-up the password hint, a 
process of providing the password hint will be described according to an example of the 
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password operating method of the present invention. 

FIG 6 is a flowchart presenting a detailed description of the step of providing the 
password hint (31). 

As shown in FIG 6, the step of providing password hint begins when the member 
who forgot the password requests provision of the password hint through an appropriate 
menu on the membership website (321). On this occasion, the member selects a 
password hint to be provided by inputting his/her membership ID. 

The web server receiving a request for providing the password hint from the 
member searches the first group of question-answer-hint combinations corresponding to 
the membership ID in reference to the member information database DB2, and then 
provides the same to the member (322). 

FIG 9 shows an example of the first group of question-answer-hint combinations. 

As shown in FIG 9, 48 question-answer-hint combinations as many as the number 
of keycaps are provided on the screen of member's PC, wherein among them there exists 
only one question-answer-hint combination including the first answer directly written by 
the member. 

If the member selects his/her own first question-answer-hint among the first group 
of question-answer-hint combinations, as shown in FIG 10, it is possible to identify that 
the first keycap image of the password is a specific character included in the password. 
The thing different from FIG 7 or 8 is that the hint (keycap image) can also be identified, 
in addition to the question-answer. 

Likewise, the member identifies a second hint of the password by distinguishing 
the second question-answer-hint combination presented in FIG 13 which is a second 
password hint, from the second group of question-answer-hint combinations represented on 
the screen of PC shown in FIG 12. 

As shown in FIG 11, in case of selecting a wrong question-answer-hint 
combination, it is evident that due to receipt of a wrong hint the member cannot get any 
help to find the password. 

Meanwhile, a description will be given on the reason why the question-answer- 
hint combination that provides a keycap image corresponding to the specific character not 
the specific character itself as a hint is used in the embodiment of the present invention,. 
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That is, there are too many expressible characters, which can be used as the 
password on the keyboard, such as English alphabet (capital and small letter), Korean 
characters, numerals, special characters (symbols), and further unique characters according 
to other languages. Consequently, in order to provide an adequate number of choices on 
the screen, it would be more proper to adopt the keycap image having about 48 numbers of 
occasions. Furthermore, the keycap image is sufficient to help users remember the 
password because they can generally remember which character is used as the password by 
presentation of the keycap image merely. 

At this time, the number of question-answer-hint combinations constituting a 
group of question-answer-hint combinations needs to be exactly the same as, neither more 
nor less than, the number of keycap images representing the characters. 

That is, while only one combination within the group of question-answer-hint 
combinations is familiar to the member who wants to get his/her own password hint and 
the other combinations are not all familiar to him/her, any combination among the group of 
question-answer-hint combinations is not familiar to others. Therefore, the viewpoint that 
the others can get no hint about the characters constituting the password is not entirely 
unlike pressing the arbitrary keyboard. As a result, the security of the password operating 
method according to the present invention remains intact. By the way, if the number of 
question-answer-hint combinations among the group of question-answer-hint combinations 
is more than that of the keycap images, there exist overlapping keycaps. Conversely, if 
the number of question-answer-hint combinations is less than that of the keycap images, 
there are missing keycaps. Therefore, the probability of selecting each keycap within that 
group of combinations is changed, thereby having a negative effect on the security of the 
password operating method of the present invention. 
[Step of reminding the password] 

By acquiring the keycaps corresponding to the first two characters of the forgotten 
password as hints through the process explained above, the member can infer the complete 
password, which himself/herself knows (32). 

FIG 14 represents the password inferring process, in which the member is able to 
easily infer the rest of the password frequently used after taking the keycap images 
corresponding to the first and the second password hints, respectively. 
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[Embodiment 2] 

There was discussed in the first embodiment as described above the case where 
the question and the answer are made by the graphic image and the member's own 
comments on the graphic image, respectively. 
5 Meanwhile, the passwordoperating method according to the present invention is 

not limited to the case of setting-up the question and the answer to just the graphic image 
and the comments thereon, respectively. 

The following second embodiment, therefore, deals with the case of setting-up 
each of the question and the answer in the form of text 
10 FIGs. 4 to 6 as shown above are used as references for the second embodiment as 

it is. But, it only needs to note that the question is replaced by the question having the 
form of text instead of the graphic image, and the answer is replaced by the answer to that 
question instead of the comments on the graphic image. 

According to this embodiment, it can be seen that the question which is 
1 5 substantially the same as that in FIG 1 can be utilized. However, even though the same 
question is utilized, the result is quite different from the case described in FIG 1 . 

In other words, differently from the current authenticating process, although a long 
time has been passed since the member had set up the initial password, the possibility of 
failure to acquire password hints or authenticate due to trivial representative difference 
20 (e.g., spacing words) from the answer written before is considerably reduced because the 
member can get the password hint by simply selecting his/her own-written choice from 
multiple choices (the question-answer-hint combinations) through the step of providing the 
password hint 

In another modification of this embodiment, it can be possible that the system 
25 presents alliteration of two- or three-line poem instead of the question of text and the 
member inputs a line poem for the alliteration instead of inputting the answer to the 
question. 

[Embodiment 3] 

The applicant of the present invention has another patent application of Korean 
30 Patent Application No. 2004-81564, filed with Korean Intellectual Property Office on 
October 13, 2004, entitled "Safe Authentication Method," which is directed to a password 
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operating method using a maze-key scheme. 

FIGs. 15 and 16 describe the concept of the maze-key scheme. 

Hereinafter, the concept of the maze-key scheme will be simply explained with 
reference to FIGs. 15 and 16. 

First of all, it is assumed that a specific member designates a maze-key of figures 



of I — *L — I I ^HW I (woman-money-heart) and makes a memorizing formula 

"woman loves money" in order to memorize the maze-key. 

In the password operating method using the maze-key scheme, a password is 
inputted by pressing direction keys of a keyboard in a logging process. Namely, as shown 
in FIG 15, the direction keys are pressed to reach the second key of 'money* starting from 
the first key of 'woman', and likewise, to reach the last key of 'heart' starting from the key 
of 'money', wherein the first to the third keys are pre-designated by the member. 

Meanwhile, since the member can forget these designated maze-keys in this 
password operating method using the maze-key scheme, it is necessary to provide hints of 
the maze keys against the case of forgetting them later. 

In this case, the password operating method of the present invention can also be 
applied, like the other embodiments as mentioned above. 

Each element (each key) constituting the maze-key can be the image as shown in 
FIG 15 or 16, or numeral or character. Therefore, with regard to the image of each 
element key (or number/character) constituting the maze-key, it is possible to remember 
each element key forming the maze key in the same way as the first embodiment, by 
replacing the hint in the first embodiment as mentioned above by the image of each 
element key instead of the keycap image to generate a question-answer-hint combination 
and a group of question-answer-hint combinations including it 

Consequently, the password operating method according to the present invention 
can also be adopted in such a method using the maze-key scheme in order to provide the 
hint for remembering the maze-key in the case of foigetting the member's own maze-key. 
[Other Embodiments] 

If the picture provided in the first embodiment of the present invention is a 3D 
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rendering graphic image, the pictures (question) for obtaining the first and the second 
password hints offered in the step of providing the password hint can be replaced by the 
pictures observed in another angle or from different distance. 

Moreover, it is also possible to apply the combination of the above various 
5 embodiments to the process of establishing the first and the second password hints. That 
is, the question-answer for the first password hint is made by combining the comments on 
the graphic image, and the question-answer for the second password hint is made by 
combining the answers to the question. 

In the meantime, it is desirable to provide more hints, if necessary, by increasing 
10 the number of times of establishing and providing hints. Conversely, it is also desirable 
to provide a hint including a keycap image of many characters with only one request for 
the password hint by corresponding keycaps for more than two password characters to one 
question-answer combination. 

As mentioned above, although the password operating method of the present 
15 invention has been described with reference to the specific embodiments, it is not to be 
restricted by the embodiments and figures. Namely, it is to be appreciated that those 
skilled in the art can change or modify the embodiments without departing from the scope 
and sprit of the present invention. 

For example, the specific embodiments of the present invention as described 
20 above dealt with the case of website merely, but the password operating method of the 
present invention can also be applied to the password used in windows, mobile phones and 
soon. 

[Industrial Applicability] 

As described above, the present invention can implement a method for operating 
25 and authenticating a password system which provide an authenticating process on the 
website without collecting any personal information while having the same level of 
security compared to that of a password, hiding the meaning even from a website 
administrator, and assuring high reliability on the authentication of users on the website, 
and storage media storing a program source of the method. 



30 



WO 2006/123899 



17 



PCT7KR2006/001852 



[CLAIMS] 

[Claim 1 ] A method of operating a password system on a membership website, 
comprising: 

a first step of providing a user requesting authentication with a group of question- 
answer combinations including a question-answer combination corresponding to a specific 
membership identification (ID); 

a second step of allowing the user to select one question-answer combination from 
the group of question-answer combinations in a multiple-choice manner; and 

a third step of authenticating the user as an owner of the specific membership ID 
if the selected question-answer combination is identical to the question-answer 
combination corresponding to the specific membership ID. 

[Claim 2] A method of operating a password system, comprising: 

a first step in which a user terminal requests a group of question-answer-hint 
combinations to a web server in order to confirm a password of a specific membership ID; 
and 

a second step in which, upon receipt of the request, the web server provides the 
user terminal with a first group of question-answer-hint combinations including a first 
question-answer-hint combination corresponding to a first character of the password and a 
second group of question-answer-hint combinations including a second question-answer- 
hint combination corresponding to a second character of the password. 

[Claim 3] The method according to claim 2, wherein each of the question- 
answer-hint combinations included in the first and the second groups of question-answer- 
hint combinations has a different key cap image as a hint. 

[Claim 4] The method according to claim 2, wherein a question of each of the 
question-answer-hint combinations is a graphic image and an answer to the question is a 
simple sentence comment inputted by an owner of the specific membership ID 
corresponding to the graphic image. 

[Claim 5] The method according to claim 2, wherein a question of each of the 
question-answer-hint combinations is a graphic image and an answer to the question does 
not exist separately. 

[Claim 6] The method according to claim 2, wherein a question of each of the 
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question-answer-hint combinations is made in the form of text and an answer to the 
question is a simple sentence comment inputted by an owner of the specific membership 
ID corresponding to the question. 

[Claim 7] The method according to any one of claims 4 to 6, wherein the first 
5 and the second question-answer-hint combinations and the first and the second groups of 
question-answer-hint combinations are generated in advance before the first step and then 
stored in a membership information database. 

[Claim 8] The method according to claim 7, wherein the first and the second 
question-answer-hint combinations and the first and the second groups of question-answer- 
1 0 hint combinations are generated and stored, before the first step, through the steps of: 

extracting first and second questions arbitrarily from a plurality of questions 
stored in a question database of the web server and providing the first and second questions 
to the user logged in a website with the specific membership ID; 

transmitting first and second answers written by the user in response to the first 
15 and the second questions to the web server; 

generating the first question-answer-hint combination corresponding to the first 
question, the first answer and the first character of the membership ID and then the first 
group of question-answer-hint combinations having the first question-answer-hint 
combination and a plurality of question-answer-hint combinations except the first question- 
20 answer-hint combination, and the second question-answer-hint combination corresponding 
to the second question, the second answer and the second character of the membership ED 
and then the second group of question-answer-hint combinations having the second 
question-answer-hint combination and a multiplicity of question-answer-hint combinations 
except the second question-answer-hint combination; and 
25 storing the first and the second question-answer-hint combinations and the first 

and the second groups of question-answer-hint combinations in the membership 
information database. 

[Claim 9] The method according to claim 8, wherein when the password is 

changed, 

30 the first question-answer-hint combination is changed to a new first question- 

answer-hint combination including a hint about a new first character of the password after 
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change corresponding to the location of the first character of the password before change, 

a third question-answer-hint combination including the hint about the new first 
character among the first group of question-answer-hint combinations is changed to a new 
third question-answer-hint combination in which the hint about the new first character is 
replaced by the hint about the first character, 

the second question-answer-hint combination is changed to a new second 
question-answer-hint combination including a hint about a new second character of the 
password after change corresponding to the location of the second character of the 
password before change, and 

a fourth question-answer-hint combination including the hint about the new 
second character among the second group of question-answer-hint combinations is 
changed to a new fourth question-answer-hint combination in which the hint about the new 
second character is replaced by a keycap about the second character, all the changed 
combinations being stored in the membership information database. 

[Claim 10] A computer-readable storage media having a password operating 
program source that is encoded and stored for computer access, comprising: 

a first process of providing a user requesting authentication with a group of 
question-answer combinations including a question-answer combination corresponding to 
a specific membership ID; 

a second process of allowing the user to select one question-answer combination 
from the group of question-answer combinations in a multiple-choice manner; and 

a third process of authenticating the user as an owner of the specific membership 
ID if the selected question-answer combination is identical to the question-answer 
combination corresponding to the specific membership ID. 

[Claim 11] A computer-readable storage media having a password operating 
program source that is encoded and stored for computer access, comprising: 

a first process in which a user terminal of a membership website requests a group 
of question-answer-hint combinations to a web server in order to confirm a password of a 
specific membership ID; and 

a second process in which, upon receipt of the request, the web server provides 
the user terminal with a first group of question-answer-hint combinations including a first 



WO 2006/123899 



20 



PCT/KR2006/001852 



question-answer-hint combination corresponding to a first character of the password and a 
second group of question-answer-hint combinations including a second question-answer- 
hint combination corresponding to a second character of the password. 
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Fig. 2 



Please use the below method if you cannot remember the 
question/answer for authentication 



authenticating 

H Answer for : 

authentication — 

S Registered e-mai I ... .ebie@f reechal .com 

H Telephone number 016-735-**** 



Authentication using 
a mobi le phone 



Authentication using 
a credit card 



CH Question for 



Where is your birthplace? 




WO 2006/123899 



PCT/KR2006/001852 



3/16 



Fig. 3 
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Fig. 4 
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Fig. 5 
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Fig. 6 
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Fig. 7 
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Fig. 8 
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Fig. 9 
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Fig. 10 
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Fig. 12 
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